Why Good SOC Analysts Know Offense & Defense
- Published 1 Jun 2024
- If you’re a SOC analyst or managing them, it’s important to know what factors build proficiency. The first is your mindset. Many SOC analysts spend a lot of time on system administration and log monitoring. You’ve got to understand both offense and defense at a deep level to become proficient as a SOC analyst. Each drives the other. As a blue teamer, knowing proper exploitation methods helps you hunt threat actors on a network. As a red teamer, knowing how detection engineering works helps you design attacks that are much stealthier.
The second factor for SOC analysts is to build and train on a home lab. A home lab is like a gym for SOC analysts. Gyms help athletes become faster and stronger. Home labs help you become more proficient with both offensive and defensive tools. You don’t need many resources to build a home lab. A desktop tower with enough RAM and CPU lets you virtualize operating systems or network appliances like firewalls. If you’re on a budget, a few Raspberry Pi’s and your laptop, physically wired to a cheap switch, can be enough as well.
The third factor for successful SOC analysts is a constant love of learning. Whether you’re a voracious reader or a binge watcher, there are resources everywhere. Blog articles, tweets, books, podcasts, and YouTube can all guide you along the learning path. In many cases, they can be more valuable than an actual cyber security course! Good SOC analysts know how to track resources to stay organized or to reference them later. Simple tools like OneNote, Google Drive, and bookmarks can all do the trick.
The road to mastery is long. But armed with these three pieces, it’s much more attainable than you think. Level Up.
FULL INTERVIEW: • Life of a SOC Lead (w/...
00:00 Building a Home Lab
01:30 Offensive and Defensive Toolkits
03:15 How to Keep Track of Tools & Resources
03:57 Red vs. Blue Mindsets
05:03 Are Cyber Security Certifications Valuable?
06:16 SOC Analyst Skills and Salaries
07:45 Interviewing for a Cyber Security Job
09:12 The Journey from Beginner to Pro
11:24 Tips as a Technical Leader
12:51 Security Advice for Your Mother
#SOCAnalyst #CyberSecurity #Cyberspatial - Science & Technology
What does your home lab look like?
This has been a great, realistic and professional interview that I can finally agree on. Not many talk the way he talks; I consider this a highly recommended video to send to those who need to know this.
Definitely a good choice to pull this particular part of the interview out as its own video. Great overview of...well, all the things for how to get into this. Reminds me that I really need to OSINT the crap out of myself some time. ... I'll probably scare myself to the point of a heart attack. XD
For note-taking, I'm a huge fan of plaintext. I know it's not for everyone, but Vimwiki lets me give order to and navigate around a ton of markdown documents easily. It's definitely not for everyone though; vim has a learning cliff, not curve. But, with plaintext I can modify it however I want, search however I want, do all sorts of crazy things with tools like pandoc and more. It's liberating.
Thanks for your thoughts! Having a quick highlight reel is also more shareable with people than a full-interview too! Definitely recommend OSINT-ing yourself. There's a lot you can learn, and maybe even implement defense measures too!
I use OPNsense and KVM/QEMU. I use it myself and it's AWESOME!
I use KVM/QEMU on my Proxmox server and on my main gaming PC for virtualizing Windows for playing Genshin Impact.
And OPNsense is just awesome. Network security at its finest :D
Good video @cyberspatial. Thank you for making this one and looking for more offsec and defense tools videos and more good stuff. :)
Will keep in mind, thanks for watching!
Great interview, really helpful! I've noticed in the other interviews on your channel, including this one, the experts using Google. In the video with Chris M. he even recommended Gmail. Doesn't using Google kinda go against the beliefs of cyber security in general? I physically cannot use Google: all the ads, and the links of companies that paid more coming first instead of the better results. After I saw how much information they had collected about me from just a single search, I gave up. A video on this topic would be great, if you think it won't affect the channel, because you know YouTube = Google :D Best Regards
Wonderful questions per usual!
Thank you!
I'm happy to have guys say the same things as me about certification ahah.
Awesome to hear :)
Wahouu great content! I'm speechless.
Thanks!
Would you film a video about how to start learning pentesting from scratch? And what are the best resources websites, books, apps....?
Start with eJPT. Best entry-level cert at the moment.
We'll look into it thanks!
Ok great video! :)
Thanks!
As a SOC analyst, do you use Facebook? And if we use it, should we delete it?
Social media is useful if you're using it to produce/create. Other than that it can introduce a lot of privacy and security concerns. For most people, it's probably wiser to delete. Timesaver and efficiency too!
Why not OPNsense?
Great choice as well! I've just found PfSense to be a bit easier to learn at first.
Great option too! Documentation and UI wise, pfSense is more mature.
Osquery works with Wazuh.
👍
If you care about security you are using OPNsense instead of pfSense.
Both are great options. What specific security advantages do you think OPNsense offers?
just amazing